Slackware-14.1 ChangeLog (2013-09-09)

Mon Sep 9 03:34:59 UTC 2013

Packages

Rebuilt

a/lilo-24.0-i486-2.txz
Use os-prober to filter unbootable FAT/NTFS partitions from the list of
partitions that might contain a bootable Windows installation.

l/glibc-2.17-i486-6.txz
Patched to remove pt_chown. Thanks to mancha.
Note that while this patches CVE-2013-2207 (a local privilege escalation
vulnerability), the vulnerability depends upon insecure and non-default
settings (“user_allow_other” in /etc/fuse.conf) and the patch is not
trivial to port to older versions of glibc. For older versions, the
best approach is to not set that option in fuse.conf, as it likely opens
up other holes as well. Another approach to mitigate this is to make
pt_chown a symlink to /bin/true, as the kernel has handled chowning
pseudo terminals for a long time and pt_chown isn't needed at all.